Known Vulnerabilities for products from GNOME
Listed below are 20 of the newest known vulnerabilities associated with the vendor "GNOME".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39683 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-5119 json | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are t... | Not Provided | 2026-03-30 | 2026-04-01 |
| CVE-2025-14512 json | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflo... | Not Provided | 2025-12-11 | 2026-04-19 |
| CVE-2025-14087 json | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a deni... | Not Provided | 2025-12-10 | 2026-04-19 |
| CVE-2025-13601 json | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_st... | Not Provided | 2025-11-26 | 2026-04-19 |
| CVE-2023-43090 json | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of t... | 5.5 - MEDIUM | 2023-09-22 | 2023-09-26 |
| CVE-2023-38633 json | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to discl... | 5.5 - MEDIUM | 2023-07-22 | 2024-01-24 |
| CVE-2023-36250 json | CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted... | 7.8 - HIGH | 2023-09-14 | 2023-09-19 |
| CVE-2023-32665 json | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can ... | 5.5 - MEDIUM | 2023-09-14 | 2023-11-07 |
| CVE-2023-32643 json | A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for... | 7.8 - HIGH | 2023-09-14 | 2023-09-20 |
| CVE-2023-32636 json | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by addition... | 7.5 - HIGH | 2023-09-14 | 2023-11-10 |
| CVE-2023-32611 json | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause exces... | 5.5 - MEDIUM | 2023-09-14 | 2023-11-07 |
| CVE-2023-29499 json | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading ... | 7.5 - HIGH | 2023-09-14 | 2023-11-27 |
| CVE-2023-26081 json | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill... | 7.5 - HIGH | 2023-02-20 | 2023-11-07 |
| CVE-2023-5664 json | Not Provided | 2023-11-22 | 2026-04-08 | |
| CVE-2023-5557 json | A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code o... | 7.7 - HIGH | 2023-10-13 | 2023-11-07 |
| CVE-2022-48622 json | A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code o... | 7.8 - HIGH | 2024-01-26 | 2024-02-02 |
| CVE-2022-37290 json | GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename application crash via a pasted ZIP archive. | 5.5 - MEDIUM | 2022-11-14 | 2023-11-07 |
| CVE-2022-29536 json | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_sho... | 7.5 - HIGH | 2022-04-20 | 2023-11-07 |
| CVE-2022-27811 json | GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. | 9.8 - CRITICAL | 2022-03-24 | 2023-11-22 |
Known software with vulnerabilities from GNOME
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gnome | At-spi2-atk | 0.1.0 |
| Application | Gnome | Balsa | 2.5.0 |
| Application | Gnome | Byzanz | - |
| Application | Gnome | Control Center | - |
| Application | Gnome | Dia | 2019-11-27 |
| Application | Gnome | Epiphany | 0.7.0 |
| Application | Gnome | Evince | 0.1.0 |
| Application | Gnome | Evolution | - |
| Application | Gnome | Evolution-data-server | - |
| Application | Gnome | Evolution-data-server3 | 3.0.3 |
| Application | Gnome | Evolution-ews | - |
| Application | Gnome | Evolution Data Server | 3.9.1 |
| Application | Gnome | Eye Of Gnome | 3.16.5 |
| Application | Gnome | File-roller | 2.32.2 |
| Application | Gnome | Gcab | 0.4 |
| Application | Gnome | Gdk-pixbuf | - |
| Application | Gnome | Geary | 0.1 |
| Application | Gnome | Gedit | 3.22.1 |
| Application | Gnome | Glib | 1.1.0 |
| Application | Gnome | Glib-networking | 2.25.0 |